UPDATE: OWASP Dependency-Check 2.1.0!

Posted: 2 years ago by @pentestit | 2597 views | Updated: August 29, 2017 at 12:43 am

My first post about this open source OWASP project covered an older version. This post discusses the changes made to the open source software composition analysis utility in the latest release, published yesterday: OWASP Dependency-Check 2.1.0. What I like about this release is that the patch-level verification for Ruby Bundler has been validated and is now fully implemented.

What is OWASP Dependency-Check?

OWASP Dependency-Check is a utility that identifies project dependencies and checks whether any of them have known, publicly disclosed vulnerabilities. Currently Java and .NET are supported. Experimental analyzers cover Python, Ruby, PHP (composer), and Node.js applications; these are experimental because of their possible false positive and false negative rates. To use the experimental analyzers, they must be explicitly enabled via the appropriate experimental configuration. In addition, dependency-check has experimental analyzers that can scan some C/C++ source code, including OpenSSL source code and projects that use Autoconf or CMake.
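As an added example (my own code, not part of this post or of the Dependency-Check project), here is how a build step could consume the tool's XML report and fail the build on findings above a CVSS threshold, while skipping CVEs that a reviewer has already confirmed as false positives from the experimental analyzers. The sample report is constructed; its element names follow the Dependency-Check XML report schema as I know it, and the file names and CVE ids are placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed sample report. Element names follow the Dependency-Check XML report
# schema (analysis > dependencies > dependency > vulnerabilities > vulnerability);
# file names and CVE ids are placeholders, not real findings.
SAMPLE_REPORT = """<analysis xmlns="https://jeremylong.github.io/DependencyCheck/dependency-check.1.3.xsd">
  <dependencies>
    <dependency>
      <fileName>example-gem-1.0.0.gem</fileName>
      <vulnerabilities>
        <vulnerability><name>CVE-0000-0001</name><cvssScore>7.5</cvssScore><severity>High</severity></vulnerability>
        <vulnerability><name>CVE-0000-0002</name><cvssScore>4.3</cvssScore><severity>Medium</severity></vulnerability>
      </vulnerabilities>
    </dependency>
    <dependency>
      <fileName>example-lib-2.4.jar</fileName>
    </dependency>
  </dependencies>
</analysis>"""


def _qualify(root):
    """Return a tag-qualifier so lookups work whichever schema namespace the report declares."""
    uri = root.tag[1:].split("}")[0] if root.tag.startswith("{") else ""
    return (lambda tag: "{%s}%s" % (uri, tag)) if uri else (lambda tag: tag)


def findings(report_xml):
    """Map each dependency that has vulnerabilities to its list of (cve, cvss_score)."""
    root = ET.fromstring(report_xml)
    q = _qualify(root)
    result = {}
    for dep in root.iter(q("dependency")):
        name = dep.findtext(q("fileName"), default="<unnamed>")
        vulns = [(v.findtext(q("name")), float(v.findtext(q("cvssScore"), default="0")))
                 for v in dep.findall(q("vulnerabilities") + "/" + q("vulnerability"))]
        if vulns:
            result[name] = vulns
    return result


def gate(report_xml, threshold, suppressed=()):
    """CVEs that should fail the build: score >= threshold and not on the reviewed
    false-positive list (the experimental analyzers are why such a list is needed)."""
    return sorted((dep, cve, score)
                  for dep, vulns in findings(report_xml).items()
                  for cve, score in vulns
                  if score >= threshold and cve not in suppressed)


if __name__ == "__main__":
    for dep, cve, score in gate(SAMPLE_REPORT, 7.0):
        print("FAIL %s: %s (CVSS %.1f)" % (dep, cve, score))
```

In a pipeline the report would come from a run with the experimental analyzers switched on (the CLI's --enableExperimental option) and the XML output format selected.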

OWASP Dependency-Check 2.1.0 changelog:

General bug fixes and false positive reduction

For developers building integrations with dependency-check, the core engine has introduced execution modes: Evidence Collection, Evidence Processing, and Standard (the default). See PR #798 for more information.

Fixed bug that prevented the use of Postgres and Oracle databases with dependency-check.
